网络安全巡逻:检测假冒易受攻击的wifi打印机

Jinghui Toh, Muhammad Hatib, Omer Porzecanski, Y. Elovici
{"title":"网络安全巡逻:检测假冒易受攻击的wifi打印机","authors":"Jinghui Toh, Muhammad Hatib, Omer Porzecanski, Y. Elovici","doi":"10.1145/3019612.3019722","DOIUrl":null,"url":null,"abstract":"Many printers nowadays support Wi-Fi connectivity. Some organizations opt to disable their printer's wireless connectivity, others are not aware at all that it is enabled and some enable it in an encrypted form. In this paper we demonstrate how an application called \"pFaker\" running on a mobile device or smart watch can be used to mimic a printer's Wi-Fi connectivity and functionalities in order to harm user privacy by unobtrusively stealing print jobs. To mitigate these risks, we developed a mobile application called \"Cyber-Security Patrol\". We demonstrate how a mobile phone running Cyber-Security patrol can be placed on a drone or an autonomous vacuum cleaner to search for devices that try to mimic the printer's Wi-Fi connectivity and for printers that expose unsecured wireless connection in the target organization. Cyber-Security Patrol takes photos of the location where unauthorized Wi-Fi enabled printers were detected and sends them to the organization's administrator. For cases that the Wi-Fi enabled printer is legitimate but unsecured, Cyber Security Patrol sends a print job to the printer with detailed instructions on how to secure the specific printer model as identified based on its Service Set Identifier (SSID). A demo that demonstrates one of the use cases can be found here: https://www.youtube.com/watch?v=aJ2ZG04BrjM","PeriodicalId":20728,"journal":{"name":"Proceedings of the Symposium on Applied Computing","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Cyber security patrol: detecting fake and vulnerable wifi-enabled printers\",\"authors\":\"Jinghui Toh, Muhammad Hatib, Omer Porzecanski, Y. Elovici\",\"doi\":\"10.1145/3019612.3019722\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Many printers nowadays support Wi-Fi connectivity. Some organizations opt to disable their printer's wireless connectivity, others are not aware at all that it is enabled and some enable it in an encrypted form. In this paper we demonstrate how an application called \\\"pFaker\\\" running on a mobile device or smart watch can be used to mimic a printer's Wi-Fi connectivity and functionalities in order to harm user privacy by unobtrusively stealing print jobs. To mitigate these risks, we developed a mobile application called \\\"Cyber-Security Patrol\\\". We demonstrate how a mobile phone running Cyber-Security patrol can be placed on a drone or an autonomous vacuum cleaner to search for devices that try to mimic the printer's Wi-Fi connectivity and for printers that expose unsecured wireless connection in the target organization. Cyber-Security Patrol takes photos of the location where unauthorized Wi-Fi enabled printers were detected and sends them to the organization's administrator. For cases that the Wi-Fi enabled printer is legitimate but unsecured, Cyber Security Patrol sends a print job to the printer with detailed instructions on how to secure the specific printer model as identified based on its Service Set Identifier (SSID). A demo that demonstrates one of the use cases can be found here: https://www.youtube.com/watch?v=aJ2ZG04BrjM\",\"PeriodicalId\":20728,\"journal\":{\"name\":\"Proceedings of the Symposium on Applied Computing\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-04-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the Symposium on Applied Computing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3019612.3019722\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Symposium on Applied Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3019612.3019722","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7

摘要

现在许多打印机都支持Wi-Fi连接。有些企业选择禁用打印机的无线连接,有些企业根本不知道打印机已经启用了无线连接,有些企业则以加密的形式启用了无线连接。在本文中,我们演示了一个名为“pFaker”的应用程序如何运行在移动设备或智能手表上,可以用来模仿打印机的Wi-Fi连接和功能,从而通过不显眼地窃取打印作业来损害用户隐私。为了降低这些风险,我们开发了一个名为“网络安全巡逻”的移动应用程序。我们演示了如何将运行网络安全巡逻的手机放置在无人机或自动真空吸尘器上,以搜索试图模仿打印机的Wi-Fi连接的设备,以及在目标组织中暴露不安全无线连接的打印机。网络安全巡逻队将检测到的未授权Wi-Fi打印机的位置拍照,并将其发送给组织的管理员。对于启用Wi-Fi的打印机是合法的但不安全的情况,网络安全巡逻队会向打印机发送打印作业,并详细说明如何保护基于其服务集标识符(SSID)识别的特定打印机型号。可以在这里找到演示其中一个用例的演示:https://www.youtube.com/watch?v=aJ2ZG04BrjM
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Cyber security patrol: detecting fake and vulnerable wifi-enabled printers
Many printers nowadays support Wi-Fi connectivity. Some organizations opt to disable their printer's wireless connectivity, others are not aware at all that it is enabled and some enable it in an encrypted form. In this paper we demonstrate how an application called "pFaker" running on a mobile device or smart watch can be used to mimic a printer's Wi-Fi connectivity and functionalities in order to harm user privacy by unobtrusively stealing print jobs. To mitigate these risks, we developed a mobile application called "Cyber-Security Patrol". We demonstrate how a mobile phone running Cyber-Security patrol can be placed on a drone or an autonomous vacuum cleaner to search for devices that try to mimic the printer's Wi-Fi connectivity and for printers that expose unsecured wireless connection in the target organization. Cyber-Security Patrol takes photos of the location where unauthorized Wi-Fi enabled printers were detected and sends them to the organization's administrator. For cases that the Wi-Fi enabled printer is legitimate but unsecured, Cyber Security Patrol sends a print job to the printer with detailed instructions on how to secure the specific printer model as identified based on its Service Set Identifier (SSID). A demo that demonstrates one of the use cases can be found here: https://www.youtube.com/watch?v=aJ2ZG04BrjM
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信